More Than 100,000 WordPress Websites Reportedly Infected by Russian Malware Google has already flagged 11,000 malicious domains -- though it is likely that many more than that have been compromised by a mysterious virus called 'SoakSoak.'

By Geoff Weiss

Opinions expressed by Entrepreneur contributors are their own.

Updated on July 17 at 1:55 p.m. with comments from a WordPress spokesperson.

Over 100,000 WordPress sites have been infected by a Russian virus called SoakSoak, which loads an attack code onto webpages created through the uber-popular blogging platform, according to a report by Ars Technica.

Google has already flagged roughly 11,000 malicious domains -- though it is likely that many more than that have been compromised.

According to Gizmodo, more than 70 million total sites use WordPress as a content-management system -- from personal blogs to Time.com. However, only self-hosted sites that use WordPress have been affected by the malware -- meaning personal blogs are okay.

The aim of the hackers and the consequences of the virus -- whether to steal data or otherwise -- remain unclear.

Related: 5 Lessons Leaders Can Learn From the Sony Hacking Scandal

The malware infiltrated WordPress through a vulnerability in a slideshow plug-in called Slider Revolution. While Slider Revolution has since fixed the bug with updates -- it knew about the vulnerability earlier this fall, according to Gizmodo -- the older version of the plug-in is still bundled with many WordPress themes.

"The biggest issue is that the RevSlider plugin is a premium plugin," wrote Sucuri, an online security firm that was first to identify the infection. "It's not something everyone can easily upgrade and that in itself becomes a disaster for website owners."

Ars Technica notes that Sucuri also offers a free scanner here, which can determine which sites are actively compromised.

A WordPress spokesperson could neither confirm that 100,000 sites had been infected, nor that 70 million sites use the platform as a CMS.

"Automattic [WordPress.com's parent company] is taking action to protect sites from the vulnerability," the company said in a statement. "VaultPress, a backup and security product, has included protection from this vulnerability since it was first announced back in September."

Related: Get This: Sony Hack Reveals Company Stored Passwords in Folder Labeled 'Password'

Geoff Weiss

Former Staff Writer

Geoff Weiss is a former staff writer at Entrepreneur.com.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Science & Technology

How I Went From Side Hustle to 7 Figures Using These 4 AI Tools (No Tech Skills Needed)

Scale faster, work less and grow a 7-figure business — no team needed.

Travel

This $50 Lifetime Travel Hack Is Made for Remote Workers

OneAir helps you save on global flights and hotels even after you've already booked.

Real Estate

Why Buying a 'Second Home' First is the New Way to Build Wealth — and Enjoy Free Vacations

The dream of owning a home has never felt more out of reach. So, a growing number of aspiring homeowners are making an unconventional choice.

Health & Wellness

How Mastering Your Nervous System Boosts Leadership Presence and Performance

Discover a modern leadership system designed to boost your effectiveness, reduce stress and bring more clarity and joy to how you lead.

Business News

Here Are the 10 Highest-Paying Jobs with the Lowest Risk of Being Replaced By AI: 'Safest Jobs Right Now'

A new report from career resources platform Resume Genius finds the top 10 AI-proof careers expected to see the most growth within the next decade.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.